121 matches found
PT-2022-21530 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.2 through 15.2.4 GitLab EE versions 15.3 through 15.3.3 GitLab EE versions 15.4 through 15.4.0 Description: The issue is related to a lack of IP address checking in GitLab EE, which allows a group member to bypass IP...
PT-2022-10583 · Starfish · The Rich Reviews By Starfish
Name of the Vulnerable Software and Affected Versions: Rich Reviews by Starfish plugin versions = 1.9.14 Description: A Cross-Site Request Forgery CSRF issue allows an attacker to delete reviews. Recommendations: For Rich Reviews by Starfish plugin versions = 1.9.14, update to a version higher th...
CVE-2022-31091 Change in port should be considered a change in origin in Guzzle
Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...
Joomla! doesn't configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors...
SUSE-SU-2021:2838-1 Security update for jetty-minimal
This update for jetty-minimal fixes the following issues: - Update to version 9.4.43.v20210629 - CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. bsc1188438...
OPENSUSE-SU-2021:2274-1 Security update for kubevirt
This update for kubevirt fixes the following issues: General: - Updated kubevirt to version 0.40.0 - Fixed an issue when calling virsh-domcapabilities - Fixed the the wrong registry path for containers. Security fixes: - CVE-2021-20286: A flaw was found in libnbd 1.7.3. An assertion failure in...
NewStart CGSL MAIN 6.01 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0036)
The remote NewStart CGSL host, running version MAIN 6.01, has thunderbird packages installed that are affected by multiple vulnerabilities: - By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This...
RSS News AutoPilot Script 1.0.13.1.0 - Admin Panel Authentication Bypass
RSS News AutoPilot Script 1.0.13.1.0 - Admin Panel Authentication Bypass Exploit Title: RSS News AutoPilot Script - Admin Panel Authentication Bypass Date: 14 October 2016 Exploit Author: Arbin Godar Website : ArbinGodar.com Software Link:...
Calibre Companion Demo Version - Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Calibre Companion Demo Version published at the 'play' market has multiple vulnerabilities...
CVE-2014-1949
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button...
GeeCarts - view.php id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/28470/info GeeCarts is prone to multiple input-validation vulnerabilities, including remote file-include and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issu...
Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : dhcp (SSA:2012-258-01)
New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2012-258-01. The text itse...
Energizer DUO USB Battery Charger Software Allows Remote System Access
US-CERT is aware of a backdoor in the software for the Energizer DUO USB battery charger. This backdoor may allow a remote attacker to list directories, send and receive files, and execute programs on an affected system. The software, which has been discontinued, was available for both Windows an...
Update of jcaptcha
Update version of jcaptcha that we use...
CVE-2005-0071
vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files...
PHPList < 2.6.5 Multiple Remote Vulnerabilities
Binary data 2378.prm...
Apache <= 1.3.33 htpasswd Local Overflow
The remote host appears to be running Apache 1.3.33 or older. There is a local buffer overflow in the 'htpasswd' command in these versions that may allow a local user to gain elevated privileges if 'htpasswd' is run setuid or a remote user to run arbitrary commands remotely if the script is...
IBM DB2 9.1 < 9.1 Fix Pack 7 / 9.5 < 9.5 Fix Pack 4 Multiple Vulnerabilities
Binary data 5043.prm...
Gaim < 0.82 Multiple Overflows
Binary data 2159.prm...
CVSweb 1.80 cvsweb.cgi Arbitrary Command Execution
The version of CVSweb on the remote host is = 1.85. This version allows a remote attacker to execute arbitrary commands in the context of the web server. This version of CVSweb is no longer maintained. Please consider switching to the latest version of FreeBSD CVSweb. %NASLMINLEVEL 70300 C Tenabl...